Cisco Load Balancing with Failover setup example

The router is a Cisco 7200 series with 4 FastEthernet (FE) interfaces and 2 serial ports. It should act as a load balancer and failover device for the LAN connected to it via interface FE 1/0, while two identical Internet connections are attached to FE 0/0 and FE 0/1 (let's call these connections ISP_1 and ISP_2).

The ISPs use no dynamic routing protocols, only static routing. The primary task is to ensure quick failover between the two Internet connections, so that LAN users are automatically switched to ISP_2 if ISP_1 fails and vice versa. When both ISP_1 and ISP_2 are online, the traffic of LAN users should be shared between the two links to double the available bandwidth on uplink (Tx) and downlink (Rx); in other words, the router should be configured for load balancing between the links. You can see a network diagram below:

Load balancing setup description

There are two basic options available: per-destination or per-packet load balancing. Since the ISP_1 and ISP_2 connections have almost the same link characteristics, including delay, jitter and bandwidth, it is reasonable to pick the per-packet option. Compared with per-destination load balancing, per-packet uses more of the router's hardware resources but makes it possible to share traffic between the connections more evenly. For better forwarding performance the router will be configured for Cisco Express Forwarding (CEF) per-packet load balancing.

Failover description

Every 30 seconds the router will ping two IP addresses through ISP_1 and two other IP addresses via ISP_2. If both IPs via ISP_1 become unreachable (we assume that the ISP_1 connection has failed in this case), the router will delete ISP_1's route from its routing table, so ISP_2 becomes the only Internet connection for LAN users. Meanwhile the router continues pinging the two ISP_1 IP addresses, and once they become reachable again ISP_1 is added back alongside ISP_2 as an active Internet connection. The failover scenario works in exactly the same way for ISP_2. It is usually reasonable to ping the IP addresses of each provider's DNS servers when monitoring the availability of each ISP.

Miscellaneous details

Notice that CEF per-packet load balancing requires IOS version 12.0+, while the failover setup described above needs IOS version 12.4+, so you have to make sure your Cisco router runs at least version 12.4 of the operating system. E.g. c7200-ik9o3s-mz.124-12c.bin would be OK.
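The setup described above could be expressed in IOS 12.4 mainline syntax as follows. This is an added example, not the original post's configuration: every address is a documentation-range placeholder (gateways 192.0.2.1 and 198.51.100.1, probe targets 203.0.113.x), and the object numbers and the permanent host routes that pin each probe to the link it monitors are assumptions of this example.

```cisco
! Added example: placeholder addresses, not taken from the original post.
! ISP_1 gateway 192.0.2.1 on Fa0/0, ISP_2 gateway 198.51.100.1 on Fa0/1.
ip cef
!
interface FastEthernet0/0
 description ISP_1 uplink
 ip load-sharing per-packet
interface FastEthernet0/1
 description ISP_2 uplink
 ip load-sharing per-packet
!
! Pin every probe target to the link it monitors, so a probe can never
! succeed by leaving through the other ISP after a default route is removed.
ip route 203.0.113.11 255.255.255.255 192.0.2.1 permanent
ip route 203.0.113.12 255.255.255.255 192.0.2.1 permanent
ip route 203.0.113.21 255.255.255.255 198.51.100.1 permanent
ip route 203.0.113.22 255.255.255.255 198.51.100.1 permanent
!
! One ICMP echo probe per target, sent every 30 seconds.
! Later 12.4T/15.x releases spell these "ip sla N" and "icmp-echo".
ip sla monitor 1
 type echo protocol ipIcmpEcho 203.0.113.11 source-interface FastEthernet0/0
 frequency 30
ip sla monitor 2
 type echo protocol ipIcmpEcho 203.0.113.12 source-interface FastEthernet0/0
 frequency 30
ip sla monitor 3
 type echo protocol ipIcmpEcho 203.0.113.21 source-interface FastEthernet0/1
 frequency 30
ip sla monitor 4
 type echo protocol ipIcmpEcho 203.0.113.22 source-interface FastEthernet0/1
 frequency 30
ip sla monitor schedule 1 life forever start-time now
ip sla monitor schedule 2 life forever start-time now
ip sla monitor schedule 3 life forever start-time now
ip sla monitor schedule 4 life forever start-time now
!
! A link counts as down only when BOTH of its targets are unreachable.
track 11 rtr 1 reachability
track 12 rtr 2 reachability
track 21 rtr 3 reachability
track 22 rtr 4 reachability
track 10 list boolean or
 object 11
 object 12
track 20 list boolean or
 object 21
 object 22
!
! Two equal-cost default routes; each is withdrawn when its track goes down.
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 10
ip route 0.0.0.0 0.0.0.0 198.51.100.1 track 20
```

`show track` and `show ip route 0.0.0.0` show whether both default routes are currently installed.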

9 Comments

You are almost correct. This looks good in theory but does not actually work. The reason being your SLA statements are not an accurate representation of the actual connectivity. In order for this to work, you must also add static PERMANENT routes for each of the DNS servers that the SLAs track out their perspective gateways. Without this addition you will never get this to work. I know because I do this all day long every day.

Dear all, can we have the step-by-step config on how to finish this configuration like it was done above by "Cisco Load Balancing with Failover setup example"? Your time is very appreciated. Regards, Mokhtar

Hi all, excellent job. I tried this configuration on my router with one LAN interface and it was successful. But with two LAN interfaces it was not successful. In my case I have 2 ATM interfaces for the ISP connections, the 1st with a PPPoE configuration and the 2nd with a Bridge Group, the 1st LAN for users and the 2nd LAN for server access only from the Bridge Group. The first LAN can't share the connection across the two Internet ISPs. Does someone have a recommendation for me?

Artem has been a systems engineer for more than 7 years and has broad experience in Linux, Unix and Cisco systems administration. Feel free to get in touch with Artem Nosulchik via Google Plus, Twitter or Facebook.

Who's behind LinuxScrew?

My name is Artem Nosulchik, I'm a part-time blogger and full-time Linux sysadmin. In 2007 I started LinuxScrew to share my personal notes on anything related to Linux and Open Source on the whole and found this pretty interesting.